Commit 98008e29 authored by Ben Hutchings's avatar Ben Hutchings

Merge tag 'debian/4.19.20-1'

Release linux (4.19.20-1).
parents 1a811f45 9050e91a
...@@ -52,7 +52,7 @@ linux (4.20-1~exp1) experimental; urgency=medium ...@@ -52,7 +52,7 @@ linux (4.20-1~exp1) experimental; urgency=medium
-- Ben Hutchings <ben@decadent.org.uk> Mon, 24 Dec 2018 04:26:47 +0000 -- Ben Hutchings <ben@decadent.org.uk> Mon, 24 Dec 2018 04:26:47 +0000
linux (4.19.20-1) UNRELEASED; urgency=medium linux (4.19.20-1) unstable; urgency=medium
* New upstream stable update: * New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.17 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.17
...@@ -62,6 +62,14 @@ linux (4.19.20-1) UNRELEASED; urgency=medium ...@@ -62,6 +62,14 @@ linux (4.19.20-1) UNRELEASED; urgency=medium
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present - tty: Don't hold ldisc lock in tty_reopen() if ldisc present
- can: gw: ensure DLC boundaries after CAN frame modification - can: gw: ensure DLC boundaries after CAN frame modification
(CVE-2019-3701) (CVE-2019-3701)
- netfilter: nf_conncount: don't skip eviction when age is negative
- netfilter: nf_conncount: split gc in two phases
- netfilter: nf_conncount: restart search when nodes have been erased
(Closes: #921616)
- netfilter: nf_conncount: merge lookup and add functions
- netfilter: nf_conncount: move all list iterations under spinlock
- netfilter: nf_conncount: speculative garbage collection on empty lists
- netfilter: nf_conncount: fix argument order to find_next_bit
- [arm64] mmc: sdhci-msm: Disable CDR function on TX - [arm64] mmc: sdhci-msm: Disable CDR function on TX
- Revert "scsi: target: iscsi: cxgbit: fix csk leak" - Revert "scsi: target: iscsi: cxgbit: fix csk leak"
- scsi: target: iscsi: cxgbit: fix csk leak - scsi: target: iscsi: cxgbit: fix csk leak
...@@ -160,7 +168,8 @@ linux (4.19.20-1) UNRELEASED; urgency=medium ...@@ -160,7 +168,8 @@ linux (4.19.20-1) UNRELEASED; urgency=medium
- [mips] SiByte: Enable swiotlb for SWARM, LittleSur and BigSur - [mips] SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
- [arm64] perf: set suppress_bind_attrs flag to true - [arm64] perf: set suppress_bind_attrs flag to true
- drm/atomic-helper: Complete fake_commit->flip_done potentially earlier - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
- [arm64] clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table - [arm64] clk: meson: meson8b: fix incorrect divider mapping in
cpu_scale_table
- samples: bpf: fix: error handling regarding kprobe_events - samples: bpf: fix: error handling regarding kprobe_events
- usb: gadget: udc: renesas_usb3: add a safety connection way for - usb: gadget: udc: renesas_usb3: add a safety connection way for
forced_b_device forced_b_device
...@@ -437,15 +446,92 @@ linux (4.19.20-1) UNRELEASED; urgency=medium ...@@ -437,15 +446,92 @@ linux (4.19.20-1) UNRELEASED; urgency=medium
* debian/tests/python: Fix spurious failure due to misuse of stderr * debian/tests/python: Fix spurious failure due to misuse of stderr
* Update "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for ..." * Update "Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for ..."
to not duplicate the conditional warning/error to not duplicate the conditional warning/error
* Bump ABI to 3
* drivers/firmware: Enable FW_CFG_SYSFS as module (Closes: #882208)
* [arm64,armhf,ia64,riscv64,sparc64] udeb: Add usb-serial-modules
(Closes: #903824)
* [powerpc*,sparc64] udeb: Add nic-usb-modules
* [armhf,riscv64,s390x] udeb: Add cdrom-core-modules
* 9p: Enable NET_9P_XEN as module
* ACPI: Enable ACPI_TAD as module
* amd-xgbe: Enable AMD_XGBE_DCB
* ath9k: Enable ATH9K_CHANNEL_CONTEXT
* block: Enable BLK_DEV_ZONED (except armel/marvell)
* bluetooth: Enable BT_HCIUART_RTL; BT_HCIUART_NOKIA, BT_MTKUART as modules
* bnxt: Enable BNXT_DCB
* ethernet: Enable HINIC, ICE, LAN743X, LIQUIDIO_VF as modules
* can: Enable CAN_VXCAN, CAN_MCBA_USB, CAN_UCAN as modules
* dm: Enable DM_UNSTRIPED, DM_WRITECACHE, DM_ZONED as modules
* [arm64,armhf] drm: Enable DRM_PANEL_RASPBERRYPI_TOUCHSCREEN as module
* dvb-usb-v2: Enable DVB_USB_ZD1301 as module
* gnss: Enable GNSS, GNSS_SIRF_SERIAL, GNSS_UBX_SERIAL as modules
* gpio: Enable GPIO_EXAR, GPIO_PCI_IDIO_16, GPIO_PCIE_IDIO_24 as modules
* HID: Enable HID_ACCUTOUCH, HID_COUGAR, HID_ELAN, HID_ITE, HID_JABRA,
HID_MAYFLASH, HID_REDRAGON, HID_RETRODE, HID_STEAM, HID_UDRAW_PS3 as
modules
* [x86] i2c: Enable I2C_DESIGNWARE_BAYTRAIL
* IB: Enable CGROUP_RDMA (except armel/marvell)
* ieee802154: Enable IEEE802154_HWSIM as module
* inet: Enable INET_RAW_DIAG as module
* input: Enable INPUT_AXP20X_PEK as module
* IPMI: Enable IPMI_SSIF as module
* joystick: Enable JOYSTICK_PXRC as module
* media/rc: Enable IR_IMON_DECODER, IR_IMON_RAW as modules
* [x86] mfd: Enable INTEL_SOC_PMIC_BXTWC, INTEL_SOC_PMIC_CHTDC_TI as modules
* mlx5: Enable MLX5_FPGA, MLX5_CORE_IPOIB; MLXFW as module
* net: Enable BPF_STREAM_PARSER, XDP_SOCKETS (except armel/marvell)
(Closes: #908860); NET_FAILOVER, SMC, SMC_DIAG, VSOCKMON as modules
* net/phy: Enable LED_TRIGGER_PHY; CORTINA_PHY, DP83822_PHY, DP83TC811_PHY,
MARVELL_10G_PHY, MICROCHIP_T1_PHY, RENESAS_PHY, ROCKCHIP_PHY as modules
* net/sched: Enable NET_SCH_CBS, NET_SCH_ETF, NET_SCH_SKBPRIO, NET_EMATCH_IPT
as modules
* PCMCIA: Enable SCR24X as module
* [x86] pinctrl: Enable PINCTRL_CANNONLAKE, PINCTRL_CEDARFORK,
PINCTRL_DENVERTON, PINCTRL_GEMINILAKE, PINCTRL_ICELAKE, PINCTRL_LEWISBURG
* [x86] rmi4: Re-enable RMI4_CORE, RMI4_SMB as modules (Closes: #875621);
RMI4_F03, RMI4_F11, RMI4_F12, RMI4_F30, RMI4_F34, RMI4_F55
* xfrm: Enable XFRM_INTERFACE as module
* PCI: Enable PCI_PF_STUB as module
* ptp: Change PTP_1588_CLOCK_KVM from built-in to module
* random: Enable RANDOM_TRUST_CPU. This can be reverted using the kernel
parameter: random.trust_cpu=off
* SCSI: Enable QEDF, QEDI as modules
* serial: Enable SERIAL_8250_EXAR, USB_SERIAL_F8153X, USB_SERIAL_UPD78F0730
as modules
* sound: Enable SND_FIREWIRE_MOTU, SND_FIREFACE, SND_XEN_FRONTEND as modules
* [x86] sound: Enable SND_SOC_AMD_CZ_DA7219MX98357_MACH,
SND_SOC_AMD_CZ_RT5645_MACH, SND_SOC_INTEL_CHT_BSW_NAU8824_MACH,
SND_SOC_INTEL_BYT_CHT_DA7213_MACH, SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH,
SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH,
SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH,
SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH as modules
* thermal: Enable DEVFREQ_THERMAL, THERMAL_STATISTICS
* tpm: Enable TCG_TIS_SPI, TCG_VTPM_PROXY as modules
* usbtouchscreen: Enable TOUCHSCREEN_USB_EASYTOUCH
* watchdog: Enable WATCHDOG_PRETIMEOUT_GOV, WATCHDOG_PRETIMEOUT_GOV_NOOP,
WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP; WATCHDOG_PRETIMEOUT_GOV_PANIC,
WDAT_WDT as modules
* [x86] watchdog: Enable INTEL_MEI_WDT, NI903X_WDT, NIC7018_WDT as modules
* wireless: Enable MT76x0U, MT76x2E, MT76x2U, QTNFMAC_PEARL_PCIE as modules
(Closes: #918331)
* zram: Enable ZRAM_WRITEBACK, ZRAM_MEMORY_TRACKING
* udeb: Add scsi-nic-modules containing Chelsio and Qlogic iSCSI/FC drivers
[ Marcin Juszkiewicz ] [ Marcin Juszkiewicz ]
* [arm64] enable ARM_CCI_PMU so ARM_CCI400_PMU and ARM_CCI5xx_PMU options * [arm64] enable ARM_CCI_PMU so ARM_CCI400_PMU and ARM_CCI5xx_PMU options
get really enabled. get really enabled.
* [arm64] enable PCI_PRI, PCI_PASID as PCI can be behind IOMMU in servers. * [arm64] enable PCI_PRI, PCI_PASID as PCI can be behind IOMMU in servers.
* udeb: Add virtio-gpu into d-i to get graphical output in VM instances. * udeb: Add virtio-gpu into d-i to get graphical output in VM instances.
* [arm64] Enable ARM64_ERRATUM_843419 (Closes: #920866)
[ Salvatore Bonaccorso ] [ Salvatore Bonaccorso ]
* [x86] kvmclock: set offset for kvm unstable clock (Closes: #918036) * [x86] kvmclock: set offset for kvm unstable clock (Closes: #918036)
* kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
* [x86] KVM: work around leak of uninitialized stack contents
(CVE-2019-7222)
* [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested
(CVE-2019-7221)
* HID: debug: fix the ring buffer implementation (CVE-2019-3819)
[ Hideki Yamane ] [ Hideki Yamane ]
* [x86] Enable Touchpad support on Gemini Lake via CONFIG_PINCTRL_GEMINILAKE * [x86] Enable Touchpad support on Gemini Lake via CONFIG_PINCTRL_GEMINILAKE
...@@ -457,6 +543,8 @@ linux (4.19.20-1) UNRELEASED; urgency=medium ...@@ -457,6 +543,8 @@ linux (4.19.20-1) UNRELEASED; urgency=medium
* net: can: Enable CONFIG_CAN_PEAK_PCIEFD for a PCI express CAN Bus adapter * net: can: Enable CONFIG_CAN_PEAK_PCIEFD for a PCI express CAN Bus adapter
(Closes: #920809) (Closes: #920809)
* [armhf] Enable CONFIG_SENSORS_LM75 for armhf (Closes: #918114) * [armhf] Enable CONFIG_SENSORS_LM75 for armhf (Closes: #918114)
* [armhf] Enable CONFIG_IMX_THERMAL for armhf (Closes: #883023)
* [arm64] Enable CONFIG_ARM_ARMADA_37XX_CPUFREQ for arm64 (Closes: #917939)
[ Vagrant Cascadian ] [ Vagrant Cascadian ]
* [armhf] Enable CONFIG_MMC_SDHCI_OMAP=m, used on DRA7 and related SoCs. * [armhf] Enable CONFIG_MMC_SDHCI_OMAP=m, used on DRA7 and related SoCs.
...@@ -465,7 +553,7 @@ linux (4.19.20-1) UNRELEASED; urgency=medium ...@@ -465,7 +553,7 @@ linux (4.19.20-1) UNRELEASED; urgency=medium
* [armel] add spi-orion to mtd.udeb to be able to access spi flash on e.g. * [armel] add spi-orion to mtd.udeb to be able to access spi flash on e.g.
qnap ts-21x. (Closes: #920607) qnap ts-21x. (Closes: #920607)
-- Luca Boccassi <bluca@debian.org> Fri, 18 Jan 2019 19:09:06 +0000 -- Ben Hutchings <ben@decadent.org.uk> Mon, 11 Feb 2019 16:55:59 +0000
linux (4.19.16-1) unstable; urgency=medium linux (4.19.16-1) unstable; urgency=medium
......
...@@ -3,8 +3,7 @@ ...@@ -3,8 +3,7 @@
## ##
CONFIG_PCI=y CONFIG_PCI=y
CONFIG_ARM64_ERRATUM_834220=y CONFIG_ARM64_ERRATUM_834220=y
#. Until we decide how/whether to handle this in userland as well CONFIG_ARM64_ERRATUM_843419=y
# CONFIG_ARM64_ERRATUM_843419 is not set
## choice: Virtual address space size ## choice: Virtual address space size
CONFIG_ARM64_VA_BITS_48=y CONFIG_ARM64_VA_BITS_48=y
## end choice ## end choice
...@@ -174,6 +173,7 @@ CONFIG_CPUFREQ_DT=m ...@@ -174,6 +173,7 @@ CONFIG_CPUFREQ_DT=m
## file: drivers/cpufreq/Kconfig.arm ## file: drivers/cpufreq/Kconfig.arm
## ##
CONFIG_ACPI_CPPC_CPUFREQ=m CONFIG_ACPI_CPPC_CPUFREQ=m
CONFIG_ARM_ARMADA_37XX_CPUFREQ=m
## ##
## file: drivers/cpuidle/Kconfig.arm ## file: drivers/cpuidle/Kconfig.arm
...@@ -309,6 +309,7 @@ CONFIG_NOUVEAU_PLATFORM_DRIVER=y ...@@ -309,6 +309,7 @@ CONFIG_NOUVEAU_PLATFORM_DRIVER=y
## file: drivers/gpu/drm/panel/Kconfig ## file: drivers/gpu/drm/panel/Kconfig
## ##
CONFIG_DRM_PANEL_SIMPLE=m CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=m
## ##
## file: drivers/gpu/drm/rockchip/Kconfig ## file: drivers/gpu/drm/rockchip/Kconfig
......
...@@ -86,6 +86,7 @@ CONFIG_ARM_THUMB=y ...@@ -86,6 +86,7 @@ CONFIG_ARM_THUMB=y
## ##
## file: block/Kconfig ## file: block/Kconfig
## ##
# CONFIG_BLK_DEV_ZONED is not set
# CONFIG_BLK_SED_OPAL is not set # CONFIG_BLK_SED_OPAL is not set
## ##
...@@ -733,6 +734,7 @@ CONFIG_NLS=m ...@@ -733,6 +734,7 @@ CONFIG_NLS=m
#. Saves about 7K #. Saves about 7K
# CONFIG_MEMCG is not set # CONFIG_MEMCG is not set
# CONFIG_CFS_BANDWIDTH is not set # CONFIG_CFS_BANDWIDTH is not set
# CONFIG_CGROUP_RDMA is not set
# CONFIG_CGROUP_BPF is not set # CONFIG_CGROUP_BPF is not set
# CONFIG_CHECKPOINT_RESTORE is not set # CONFIG_CHECKPOINT_RESTORE is not set
## choice: Compiler optimization level ## choice: Compiler optimization level
...@@ -788,6 +790,7 @@ CONFIG_FLATMEM_MANUAL=y ...@@ -788,6 +790,7 @@ CONFIG_FLATMEM_MANUAL=y
## ##
#. Saves about 3K #. Saves about 3K
# CONFIG_BPF_JIT is not set # CONFIG_BPF_JIT is not set
# CONFIG_BPF_STREAM_PARSER is not set
# CONFIG_LWTUNNEL is not set # CONFIG_LWTUNNEL is not set
## ##
...@@ -826,6 +829,11 @@ CONFIG_IPV6=m ...@@ -826,6 +829,11 @@ CONFIG_IPV6=m
## ##
CONFIG_PACKET=m CONFIG_PACKET=m
##
## file: net/xdp/Kconfig
##
# CONFIG_XDP_SOCKETS is not set
## ##
## file: security/integrity/Kconfig ## file: security/integrity/Kconfig
## ##
......
...@@ -357,6 +357,7 @@ CONFIG_OMAP2_DSS_DSI=y ...@@ -357,6 +357,7 @@ CONFIG_OMAP2_DSS_DSI=y
## file: drivers/gpu/drm/panel/Kconfig ## file: drivers/gpu/drm/panel/Kconfig
## ##
CONFIG_DRM_PANEL_SIMPLE=m CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN=m
## ##
## file: drivers/gpu/drm/rockchip/Kconfig ## file: drivers/gpu/drm/rockchip/Kconfig
...@@ -1118,6 +1119,7 @@ CONFIG_SND_BCM2835=m ...@@ -1118,6 +1119,7 @@ CONFIG_SND_BCM2835=m
## ##
## file: drivers/thermal/Kconfig ## file: drivers/thermal/Kconfig
## ##
CONFIG_IMX_THERMAL=m
CONFIG_ROCKCHIP_THERMAL=m CONFIG_ROCKCHIP_THERMAL=m
CONFIG_DOVE_THERMAL=m CONFIG_DOVE_THERMAL=m
CONFIG_ARMADA_THERMAL=y CONFIG_ARMADA_THERMAL=y
......
This diff is collapsed.
...@@ -10,6 +10,7 @@ CONFIG_REFCOUNT_FULL=y ...@@ -10,6 +10,7 @@ CONFIG_REFCOUNT_FULL=y
CONFIG_ZONE_DMA=y CONFIG_ZONE_DMA=y
CONFIG_X86_MPPARSE=y CONFIG_X86_MPPARSE=y
CONFIG_RETPOLINE=y CONFIG_RETPOLINE=y
# CONFIG_INTEL_RDT is not set
# CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_EXTENDED_PLATFORM is not set
CONFIG_X86_INTEL_LPSS=y CONFIG_X86_INTEL_LPSS=y
CONFIG_X86_AMD_PLATFORM_DEVICE=y CONFIG_X86_AMD_PLATFORM_DEVICE=y
...@@ -684,6 +685,7 @@ CONFIG_I2C_SCMI=m ...@@ -684,6 +685,7 @@ CONFIG_I2C_SCMI=m
#. Sony Vaio Duo 13". #. Sony Vaio Duo 13".
CONFIG_I2C_DESIGNWARE_PLATFORM=m CONFIG_I2C_DESIGNWARE_PLATFORM=m
CONFIG_I2C_DESIGNWARE_PCI=m CONFIG_I2C_DESIGNWARE_PCI=m
CONFIG_I2C_DESIGNWARE_BAYTRAIL=y
CONFIG_I2C_KEMPLD=m CONFIG_I2C_KEMPLD=m
CONFIG_I2C_PARPORT=m CONFIG_I2C_PARPORT=m
CONFIG_I2C_PARPORT_LIGHT=m CONFIG_I2C_PARPORT_LIGHT=m
...@@ -800,6 +802,12 @@ CONFIG_MOUSE_ELAN_I2C_I2C=y ...@@ -800,6 +802,12 @@ CONFIG_MOUSE_ELAN_I2C_I2C=y
CONFIG_MOUSE_ELAN_I2C_SMBUS=y CONFIG_MOUSE_ELAN_I2C_SMBUS=y
CONFIG_MOUSE_VSXXXAA=m CONFIG_MOUSE_VSXXXAA=m
##
## file: drivers/input/rmi4/Kconfig
##
CONFIG_RMI4_CORE=m
CONFIG_RMI4_SMB=m
## ##
## file: drivers/input/serio/Kconfig ## file: drivers/input/serio/Kconfig
## ##
...@@ -812,6 +820,7 @@ CONFIG_SERIO_PCIPS2=m ...@@ -812,6 +820,7 @@ CONFIG_SERIO_PCIPS2=m
CONFIG_SERIO_LIBPS2=y CONFIG_SERIO_LIBPS2=y
CONFIG_SERIO_RAW=m CONFIG_SERIO_RAW=m
CONFIG_HYPERV_KEYBOARD=m CONFIG_HYPERV_KEYBOARD=m
# CONFIG_SERIO_GPIO_PS2 is not set
## ##
## file: drivers/input/touchscreen/Kconfig ## file: drivers/input/touchscreen/Kconfig
...@@ -925,7 +934,9 @@ CONFIG_VIDEO_TM6000_DVB=m ...@@ -925,7 +934,9 @@ CONFIG_VIDEO_TM6000_DVB=m
CONFIG_MFD_AXP20X_I2C=m CONFIG_MFD_AXP20X_I2C=m
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set # CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
CONFIG_LPC_ICH=m CONFIG_LPC_ICH=m
CONFIG_INTEL_SOC_PMIC_BXTWC=m
CONFIG_INTEL_SOC_PMIC_CHTWC=y CONFIG_INTEL_SOC_PMIC_CHTWC=y
CONFIG_INTEL_SOC_PMIC_CHTDC_TI=m
CONFIG_MFD_INTEL_LPSS_ACPI=m CONFIG_MFD_INTEL_LPSS_ACPI=m
CONFIG_MFD_INTEL_LPSS_PCI=m CONFIG_MFD_INTEL_LPSS_PCI=m
CONFIG_MFD_KEMPLD=m CONFIG_MFD_KEMPLD=m
...@@ -1356,7 +1367,12 @@ CONFIG_PINCTRL_AMD=y ...@@ -1356,7 +1367,12 @@ CONFIG_PINCTRL_AMD=y
CONFIG_PINCTRL_BAYTRAIL=y CONFIG_PINCTRL_BAYTRAIL=y
CONFIG_PINCTRL_CHERRYVIEW=y CONFIG_PINCTRL_CHERRYVIEW=y
CONFIG_PINCTRL_BROXTON=y CONFIG_PINCTRL_BROXTON=y
CONFIG_PINCTRL_CANNONLAKE=y
CONFIG_PINCTRL_CEDARFORK=y
CONFIG_PINCTRL_DENVERTON=y
CONFIG_PINCTRL_GEMINILAKE=y CONFIG_PINCTRL_GEMINILAKE=y
CONFIG_PINCTRL_ICELAKE=y
CONFIG_PINCTRL_LEWISBURG=y
CONFIG_PINCTRL_SUNRISEPOINT=y CONFIG_PINCTRL_SUNRISEPOINT=y
## ##
...@@ -1459,6 +1475,7 @@ CONFIG_INTEL_RAPL=m ...@@ -1459,6 +1475,7 @@ CONFIG_INTEL_RAPL=m
## file: drivers/ptp/Kconfig ## file: drivers/ptp/Kconfig
## ##
CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_PTP_1588_CLOCK_PCH=m
CONFIG_PTP_1588_CLOCK_KVM=m
## ##
## file: drivers/pwm/Kconfig ## file: drivers/pwm/Kconfig
...@@ -1886,6 +1903,9 @@ CONFIG_W83627HF_WDT=m ...@@ -1886,6 +1903,9 @@ CONFIG_W83627HF_WDT=m
CONFIG_W83877F_WDT=m CONFIG_W83877F_WDT=m
CONFIG_W83977F_WDT=m CONFIG_W83977F_WDT=m
CONFIG_MACHZ_WDT=m CONFIG_MACHZ_WDT=m
CONFIG_INTEL_MEI_WDT=m
CONFIG_NI903X_WDT=m
CONFIG_NIC7018_WDT=m
CONFIG_PCIPCWATCHDOG=m CONFIG_PCIPCWATCHDOG=m
CONFIG_WDTPCI=m CONFIG_WDTPCI=m
CONFIG_USBPCWATCHDOG=m CONFIG_USBPCWATCHDOG=m
...@@ -2061,6 +2081,8 @@ CONFIG_SND_SOC=m ...@@ -2061,6 +2081,8 @@ CONFIG_SND_SOC=m
## file: sound/soc/amd/Kconfig ## file: sound/soc/amd/Kconfig
## ##
CONFIG_SND_SOC_AMD_ACP=m CONFIG_SND_SOC_AMD_ACP=m
CONFIG_SND_SOC_AMD_CZ_DA7219MX98357_MACH=m
CONFIG_SND_SOC_AMD_CZ_RT5645_MACH=m
## ##
## file: sound/soc/codecs/Kconfig ## file: sound/soc/codecs/Kconfig
...@@ -2074,6 +2096,7 @@ CONFIG_SND_SOC_INTEL_SST_TOPLEVEL=y ...@@ -2074,6 +2096,7 @@ CONFIG_SND_SOC_INTEL_SST_TOPLEVEL=y
CONFIG_SND_SOC_INTEL_HASWELL=m CONFIG_SND_SOC_INTEL_HASWELL=m
#. Cannot be enabled together with SND_SST_ATOM_HIFI2_PLATFORM_ACPI #. Cannot be enabled together with SND_SST_ATOM_HIFI2_PLATFORM_ACPI
# CONFIG_SND_SOC_INTEL_BAYTRAIL is not set # CONFIG_SND_SOC_INTEL_BAYTRAIL is not set
# CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_PCI is not set
CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI=m CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI=m
CONFIG_SND_SOC_INTEL_SKYLAKE=m CONFIG_SND_SOC_INTEL_SKYLAKE=m
...@@ -2088,12 +2111,19 @@ CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH=m ...@@ -2088,12 +2111,19 @@ CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH=m CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH=m
CONFIG_SND_SOC_INTEL_CHT_BSW_NAU8824_MACH=m
CONFIG_SND_SOC_INTEL_BYT_CHT_DA7213_MACH=m
CONFIG_SND_SOC_INTEL_BYT_CHT_ES8316_MACH=m CONFIG_SND_SOC_INTEL_BYT_CHT_ES8316_MACH=m
# CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH is not set
CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m
CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH=m CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH=m
CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
# CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH is not set # CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH is not set
# CONFIG_SND_SOC_INTEL_BXT_RT298_MACH is not set # CONFIG_SND_SOC_INTEL_BXT_RT298_MACH is not set
CONFIG_SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH=m
CONFIG_SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH=m
CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH=m
CONFIG_SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH=m
## ##
## file: sound/x86/Kconfig ## file: sound/x86/Kconfig
......
...@@ -19,11 +19,12 @@ virtio_scsi - ...@@ -19,11 +19,12 @@ virtio_scsi -
# Exclude PCMCIA drivers, which depend on pcmcia-modules (FIXME) # Exclude PCMCIA drivers, which depend on pcmcia-modules (FIXME)
drivers/scsi/pcmcia/* - drivers/scsi/pcmcia/* -
# Exclude Chelsio iSCSI drivers, which depend on the corresponding Ethernet # Exclude drivers for converged NICs, packaged in scsi-nic-modules
# drivers in nic-modules (FIXME)
drivers/scsi/cxgbi/* - drivers/scsi/cxgbi/* -
cxgb3i - cxgb3i -
cxgb4i - cxgb4i -
qedf -
qedi -
# Exclude enclosure driver # Exclude enclosure driver
ses - ses -
......
...@@ -100,6 +100,12 @@ Priority: standard ...@@ -100,6 +100,12 @@ Priority: standard
Description: SCSI drivers Description: SCSI drivers
This package contains SCSI drivers for the kernel. This package contains SCSI drivers for the kernel.
Package: scsi-nic-modules
Depends: scsi-modules, nic-modules
Priority: optional
Description: SCSI drivers for converged NICs
This package contains SCSI drivers that depend on net drivers.
Package: loop-modules Package: loop-modules
Depends: kernel-image Depends: kernel-image
Priority: standard Priority: standard
......
From: Vladis Dronov <vdronov@redhat.com>
Date: Tue, 29 Jan 2019 11:58:35 +0100
Subject: HID: debug: fix the ring buffer implementation
Origin: https://git.kernel.org/linus/13054abbaa4f1fd4e6f3b4b63439ec033b4c8035
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-3819
Ring buffer implementation in hid_debug_event() and hid_debug_events_read()
is strange allowing lost or corrupted data. After commit 717adfdaf147
("HID: debug: check length before copy_to_user()") it is possible to enter
an infinite loop in hid_debug_events_read() by providing 0 as count, this
locks up a system. Fix this by rewriting the ring buffer implementation
with kfifo and simplify the code.
This fixes CVE-2019-3819.
v2: fix an execution logic and add a comment
v3: use __set_current_state() instead of set_current_state()
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1669187
Cc: stable@vger.kernel.org # v4.18+
Fixes: cd667ce24796 ("HID: use debugfs for events/reports dumping")
Fixes: 717adfdaf147 ("HID: debug: check length before copy_to_user()")
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
---
drivers/hid/hid-debug.c | 120 ++++++++++++++++++----------------------------
include/linux/hid-debug.h | 9 ++--
2 files changed, 51 insertions(+), 78 deletions(-)
diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c
index c530476edba6..ac9fda1b5a72 100644
--- a/drivers/hid/hid-debug.c
+++ b/drivers/hid/hid-debug.c
@@ -30,6 +30,7 @@
#include <linux/debugfs.h>
#include <linux/seq_file.h>
+#include <linux/kfifo.h>
#include <linux/sched/signal.h>
#include <linux/export.h>
#include <linux/slab.h>
@@ -661,17 +662,12 @@ EXPORT_SYMBOL_GPL(hid_dump_device);
/* enqueue string to 'events' ring buffer */
void hid_debug_event(struct hid_device *hdev, char *buf)
{
- unsigned i;
struct hid_debug_list *list;
unsigned long flags;
spin_lock_irqsave(&hdev->debug_list_lock, flags);
- list_for_each_entry(list, &hdev->debug_list, node) {
- for (i = 0; buf[i]; i++)
- list->hid_debug_buf[(list->tail + i) % HID_DEBUG_BUFSIZE] =
- buf[i];
- list->tail = (list->tail + i) % HID_DEBUG_BUFSIZE;
- }
+ list_for_each_entry(list, &hdev->debug_list, node)
+ kfifo_in(&list->hid_debug_fifo, buf, strlen(buf));
spin_unlock_irqrestore(&hdev->debug_list_lock, flags);
wake_up_interruptible(&hdev->debug_wait);
@@ -722,8 +718,7 @@ void hid_dump_input(struct hid_device *hdev, struct hid_usage *usage, __s32 valu
hid_debug_event(hdev, buf);
kfree(buf);
- wake_up_interruptible(&hdev->debug_wait);
-
+ wake_up_interruptible(&hdev->debug_wait);
}
EXPORT_SYMBOL_GPL(hid_dump_input);
@@ -1083,8 +1078,8 @@ static int hid_debug_events_open(struct inode *inode, struct file *file)
goto out;
}
- if (!(list->hid_debug_buf = kzalloc(HID_DEBUG_BUFSIZE, GFP_KERNEL))) {
- err = -ENOMEM;
+ err = kfifo_alloc(&list->hid_debug_fifo, HID_DEBUG_FIFOSIZE, GFP_KERNEL);
+ if (err) {
kfree(list);
goto out;
}
@@ -1104,77 +1099,57 @@ static ssize_t hid_debug_events_read(struct file *file, char __user *buffer,
size_t count, loff_t *ppos)
{
struct hid_debug_list *list = file->private_data;
- int ret = 0, len;
+ int ret = 0, copied;
DECLARE_WAITQUEUE(wait, current);
mutex_lock(&list->read_mutex);
- while (ret == 0) {
- if (list->head == list->tail) {
- add_wait_queue(&list->hdev->debug_wait, &wait);
- set_current_state(TASK_INTERRUPTIBLE);
-
- while (list->head == list->tail) {
- if (file->f_flags & O_NONBLOCK) {
- ret = -EAGAIN;
- break;
- }
- if (signal_pending(current)) {
- ret = -ERESTARTSYS;
- break;
- }
+ if (kfifo_is_empty(&list->hid_debug_fifo)) {
+ add_wait_queue(&list->hdev->debug_wait, &wait);
+ set_current_state(TASK_INTERRUPTIBLE);
+
+ while (kfifo_is_empty(&list->hid_debug_fifo)) {
+ if (file->f_flags & O_NONBLOCK) {
+ ret = -EAGAIN;
+ break;
+ }
- if (!list->hdev || !list->hdev->debug) {
- ret = -EIO;
- set_current_state(TASK_RUNNING);
- goto out;
- }
+ if (signal_pending(current)) {
+ ret = -ERESTARTSYS;
+ break;
+ }
- /* allow O_NONBLOCK from other threads */
- mutex_unlock(&list->read_mutex);
- schedule();
- mutex_lock(&list->read_mutex);
- set_current_state(TASK_INTERRUPTIBLE);
+ /* if list->hdev is NULL we cannot remove_wait_queue().
+ * if list->hdev->debug is 0 then hid_debug_unregister()
+ * was already called and list->hdev is being destroyed.
+ * if we add remove_wait_queue() here we can hit a race.
+ */
+ if (!list->hdev || !list->hdev->debug) {
+ ret = -EIO;
+ set_current_state(TASK_RUNNING);
+ goto out;
}
- set_current_state(TASK_RUNNING);
- remove_wait_queue(&list->hdev->debug_wait, &wait);
+ /* allow O_NONBLOCK from other threads */
+ mutex_unlock(&list->read_mutex);
+ schedule();
+ mutex_lock(&list->read_mutex);
+ set_current_state(TASK_INTERRUPTIBLE);
}
- if (ret)
- goto out;
+ __set_current_state(TASK_RUNNING);
+ remove_wait_queue(&list->hdev->debug_wait, &wait);
- /* pass the ringbuffer contents to userspace */
-copy_rest:
- if (list->tail == list->head)
+ if (ret)
goto out;
- if (list->tail > list->head) {
- len = list->tail - list->head;
- if (len > count)
- len = count;
-
- if (copy_to_user(buffer + ret, &list->hid_debug_buf[list->head], len)) {
- ret = -EFAULT;
- goto out;
- }
- ret += len;
- list->head += len;
- } else {
- len = HID_DEBUG_BUFSIZE - list->head;
- if (len > count)
- len = count;
-
- if (copy_to_user(buffer, &list->hid_debug_buf[list->head], len)) {